Suhosin alternatives

Looking for a better tool, or simply want to learn about alternatives? There is typically more than one option.

Alternatives (by tag)

64

Alternative: Parse

Parse is a security scanner that performs static analysis on PHP code to find potential security-related issues, such as user-controlled data reaching dangerous functions. As it is a static scanner, no code is executed, which makes it safe to run against untrusted code.

Project details

Parse is written in PHP.

Strengths

  • + The source code of this software is available

Typical usage

  • code analysis
  • security assessment

Parse project page

64

Alternative: PHP Malware Finder

PHP Malware Finder is a tool to find malicious PHP scripts (webshells, backdoors, obfuscated droppers) by matching files against YARA rules. This threat is common for web hosting providers and the websites of their customers.

Project details

PHP Malware Finder is written in shell script.

Strengths

  • + More than 500 GitHub stars
  • + The source code of this software is available

Typical usage

  • malware scan

PHP Malware Finder project page
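The two PHP tools above share one idea: decide whether a file is dangerous without running it. The following is an added example, written for this page and not code from Parse or PHP Malware Finder. It is a small line-oriented scanner in Python whose rule list is an assumption of this example (a handful of dangerous sinks in the spirit of Parse, plus obfuscation patterns in the spirit of PHP Malware Finder, which uses YARA rules instead); the two PHP snippets it scans are constructed for the example.

```python
import re
from typing import List, NamedTuple

# Illustrative rule set (assumption: these are this example's own rules, not the
# rule sets of Parse or PHP Malware Finder). Each entry: name, regex, category.
RULES = [
    ("dangerous_sink",
     re.compile(r"\b(eval|system|exec|shell_exec|passthru|popen|proc_open)\s*\("),
     "sink"),
    ("user_input_in_sink",
     re.compile(r"\b(eval|system|exec|shell_exec|passthru|include|require)"
                r"\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)\b"),
     "sink"),
    ("decode_then_eval",
     re.compile(r"\beval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\("),
     "malware"),
    ("preg_replace_eval_modifier",
     re.compile(r"""\bpreg_replace\s*\(\s*['"][^'"]*/[a-z]*e[a-z]*['"]"""),
     "malware"),
    ("long_base64_literal",
     re.compile(r"""['"][A-Za-z0-9+/]{200,}={0,2}['"]"""),
     "malware"),
]


class Finding(NamedTuple):
    path: str
    line: int
    rule: str
    category: str
    snippet: str


def scan_php(path: str, source: str) -> List[Finding]:
    """Try every rule on every line. Nothing is executed, which is what makes
    static scanning safe on untrusted uploads. A production scanner works on
    PHP tokens rather than raw lines so comments and strings do not fire rules."""
    findings: List[Finding] = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for name, pattern, category in RULES:
            if pattern.search(line):
                findings.append(Finding(path, lineno, name, category, line.strip()[:80]))
    return findings


def verdict(findings: List[Finding]) -> str:
    """Collapse findings into a triage label."""
    categories = {f.category for f in findings}
    if "malware" in categories:
        return "likely-malicious"
    if "sink" in categories:
        return "review"
    return "clean"


# Constructed sample inputs (not real files from any site).
SAMPLE_APP = """<?php
// application code: user data reaches the shell via string concatenation
$host = $_GET['host'];
$out = shell_exec("ping -c 1 " . $host);
echo htmlspecialchars($out);
"""

SAMPLE_WEBSHELL = """<?php
@eval(base64_decode($_POST['c']));
"""

if __name__ == "__main__":
    for path, src in (("app.php", SAMPLE_APP), ("upload.php", SAMPLE_WEBSHELL)):
        found = scan_php(path, src)
        print(path, verdict(found))
        for f in found:
            print(f"  {f.path}:{f.line} [{f.category}] {f.rule}: {f.snippet}")
```

The application sample is flagged for review only (a dangerous sink, but the scanner cannot tell from one line whether the input is validated), while the one-liner webshell trips the obfuscation rule and is labelled likely-malicious; that distinction is the practical difference between a code-review scanner and a malware finder.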

78

Alternative: Suhosin7

Suhosin7 is the Suhosin security extension ported to PHP 7. It protects a PHP installation by hardening the runtime against several classes of attacks, rather than by fixing individual applications.

Project details

Suhosin7 is written in C.

Strengths

  • + The source code of this software is available

Typical usage

  • application security

Suhosin7 project page

89

Alternative: Arachni

Web Application Security Scanner aimed towards helping users evaluate the security of web applications

Arachni is a framework written in Ruby with a focus on evaluating the security of web applications. Typical users include security professionals and system administrators.

The tooling is free and open source. Besides Linux, it also runs on macOS and Microsoft Windows.

Project details

Arachni is written in Ruby.

Strengths

  • + More than 1000 GitHub stars
  • + The source code of this software is available

Typical usage

  • penetration test
  • security assessment
  • web application analysis

Arachni project page

96

Alternative: Commix

Commix is a security tool to test web applications and find vulnerabilities related to command injection attacks. It can be used during security assessments.

Commix is short for COMMand Injection eXploiter.

Project details

Commix is written in Python.

Strengths

  • + More than 10 contributors
  • + More than 1000 GitHub stars
  • + The source code of this software is available

Commix project page
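What a command injection tester looks for is simplest to see from the application side. The following is an added example, written for this page and not code from Commix: a deliberately vulnerable lookup that splices user input into a shell command line, its hardened counterpart, and a result-based probe of the kind such tools automate. The function names, the canary string and the host allow-list are this example's own assumptions.

```python
import re
import subprocess
from typing import Callable, Tuple

# Canary the probe asks the target to print (constructed value for this example).
CANARY = "cmdi-canary-7f3a"

# Allow-list for hostnames (assumption: letters, digits, dots and hyphens only).
HOST_RE = re.compile(r"^[A-Za-z0-9.-]{1,253}$")


def vulnerable_lookup(host: str) -> str:
    """Deliberately vulnerable: the value is spliced into a shell command line,
    so a separator such as ';' lets the caller run a second command."""
    completed = subprocess.run("echo " + host, shell=True,
                               capture_output=True, text=True)
    return completed.stdout


def hardened_lookup(host: str) -> str:
    """Hardened form: an argv list and no shell, so the whole value is a single
    argument and shell metacharacters are just characters."""
    completed = subprocess.run(["echo", host], capture_output=True, text=True)
    return completed.stdout


def is_valid_host(host: str) -> bool:
    """Allow-list validation, applied in addition to avoiding the shell."""
    return HOST_RE.fullmatch(host) is not None


def validated_lookup(host: str) -> str:
    """Defence in depth: reject anything outside the allow-list first."""
    if not is_valid_host(host):
        raise ValueError("host contains characters outside the allow-list")
    return hardened_lookup(host)


def result_based_probe(target: Callable[[str], str],
                       base: str = "example.test") -> Tuple[bool, str]:
    """Result-based check: send a separator plus a command that prints the
    canary, then see whether the canary comes back on its own output line.
    Returns (injectable, raw output)."""
    payload = f"{base}; echo {CANARY}"
    out = target(payload)
    return CANARY in out.splitlines(), out


if __name__ == "__main__":
    for name, fn in (("vulnerable", vulnerable_lookup), ("hardened", hardened_lookup)):
        injectable, out = result_based_probe(fn)
        print(f"{name}: injectable={injectable} output={out!r}")
```

The hardened version still echoes the payload, which is why output-based probes must look for the canary as a separate result and not merely as a substring; time-based probes (a sleep in the injected command) are the fallback when output is not reflected at all.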

84

Alternative: django-axes

Django-axes is a reusable app for Django that limits brute-force login attempts against your web application by counting failed logins and locking out the offending username, IP address, or combination of both for a cool-off period.

Project details

django-axes is written in Python.

Strengths

  • + More than 50 contributors
  • + The source code of this software is available

Typical usage

  • application security

django-axes project page
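The policy a login throttle enforces is easy to get subtly wrong (checking the password before the lockout, never expiring the counter), so here is an added example that models it in plain Python. It is written for this page and is not django-axes code; django-axes configures the same knobs through settings such as AXES_FAILURE_LIMIT and AXES_COOLOFF_TIME, and the class name, key choice (username plus IP) and the injectable clock are this example's assumptions.

```python
import time
from typing import Callable, Dict, List, Tuple

Key = Tuple[str, str]  # (normalised username, client IP)


class LoginThrottle:
    """Failure counting and lockout keyed by username+IP. Stand-alone model of
    the policy django-axes enforces; not the library's code."""

    def __init__(self, failure_limit: int = 5, cooloff_seconds: int = 600,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.failure_limit = failure_limit        # cf. AXES_FAILURE_LIMIT
        self.cooloff_seconds = cooloff_seconds    # cf. AXES_COOLOFF_TIME
        self.clock = clock
        self._failures: Dict[Key, List[float]] = {}
        self._locked_until: Dict[Key, float] = {}

    @staticmethod
    def _key(username: str, ip: str) -> Key:
        return username.strip().lower(), ip

    def is_locked(self, username: str, ip: str) -> bool:
        key = self._key(username, ip)
        until = self._locked_until.get(key)
        if until is None:
            return False
        if self.clock() >= until:              # cool-off elapsed: clear state
            del self._locked_until[key]
            self._failures.pop(key, None)
            return False
        return True

    def record_failure(self, username: str, ip: str) -> bool:
        """Record one failed attempt; return True if it triggered a lockout.
        Only failures inside the cool-off window count."""
        key = self._key(username, ip)
        now = self.clock()
        recent = [t for t in self._failures.get(key, [])
                  if now - t < self.cooloff_seconds]
        recent.append(now)
        self._failures[key] = recent
        if len(recent) >= self.failure_limit:
            self._locked_until[key] = now + self.cooloff_seconds
            return True
        return False

    def record_success(self, username: str, ip: str) -> None:
        self._failures.pop(self._key(username, ip), None)

    def attempt(self, username: str, ip: str, verify: Callable[[], bool]) -> str:
        """Order matters: the lockout check runs before the password is verified,
        so a locked-out caller learns nothing about the password and no hashing
        work is spent on them. Returns 'locked', 'ok' or 'denied'."""
        if self.is_locked(username, ip):
            return "locked"
        if verify():
            self.record_success(username, ip)
            return "ok"
        return "locked" if self.record_failure(username, ip) else "denied"


class FakeClock:
    """Controllable clock so the cool-off can be exercised without sleeping."""

    def __init__(self, start: float = 1000.0) -> None:
        self.t = start

    def now(self) -> float:
        return self.t

    def advance(self, seconds: float) -> None:
        self.t += seconds


if __name__ == "__main__":
    clock = FakeClock()
    throttle = LoginThrottle(failure_limit=3, cooloff_seconds=60, clock=clock.now)
    for _ in range(3):
        print(throttle.attempt("alice", "10.0.0.1", lambda: False))
    print(throttle.attempt("alice", "10.0.0.1", lambda: True))   # still locked
    clock.advance(61)
    print(throttle.attempt("alice", "10.0.0.1", lambda: True))   # ok again
```

Keying on username plus IP is a trade-off: keying on the username alone lets an attacker lock a victim out at will, keying on the IP alone is defeated by a botnet, and the combination limits both at the cost of not stopping a distributed guess of one account, which is why rate limiting is paired with strong password policy or MFA rather than relied on by itself.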

74

Alternative: django-security

Django-security is a toolkit for the Django framework with the focus on security. It provides models, views, and middleware to strengthen the defenses.

Project details

django-security is written in Python.

Strengths

  • + More than 10 contributors
  • + The source code of this software is available

Typical usage

  • application security

django-security project page

64

Alternative: DorkNet

DorkNet helps with the discovery of vulnerable web apps. It is a script written in Python that leverages Selenium.

Project details

DorkNet is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • security assessment
  • vulnerability scanning
  • web application analysis

DorkNet project page

84

Alternative: hsecscan

hsecscan performs a security scan of a website and analyses the HTTP response headers it discovers. For each header, it provides details and recommendations.

The hsecscan utility is written in Python and opens a connection (via HTTP or HTTPS) to the target web server. It returns all headers found, including an explanation of what each header does, and lists any security recommendations that apply.

Project details

hsecscan is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • information gathering
  • learning
  • penetration test
  • security assessment
  • web application analysis

hsecscan project page
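The checks such a scanner applies are worth seeing concretely. The following is an added example written for this page, not hsecscan's own code: it parses the header block of a raw HTTP response and reports missing, weak and information-leaking headers. To run offline it analyses two constructed responses instead of opening a connection, and the thresholds it applies (one-year HSTS, nosniff, cookie attributes) are this example's assumptions about good practice rather than hsecscan's rule set.

```python
import re
from typing import Dict, List, Optional, Tuple

Finding = Tuple[str, str, str]  # (header name, level, message)
ONE_YEAR = 31536000


def parse_response_headers(raw: str) -> Dict[str, List[str]]:
    """Split the header block of a raw HTTP/1.x response into a map of
    lower-cased header name -> list of values (Set-Cookie may repeat)."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers: Dict[str, List[str]] = {}
    for line in head.split("\r\n")[1:]:        # [0] is the status line
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def analyse_headers(headers: Dict[str, List[str]]) -> List[Finding]:
    """One check per security-relevant header (thresholds are this example's
    assumptions, not hsecscan's rules)."""
    findings: List[Finding] = []

    def first(name: str) -> Optional[str]:
        values = headers.get(name)
        return values[0] if values else None

    hsts = first("strict-transport-security")
    if hsts is None:
        findings.append(("Strict-Transport-Security", "missing",
                         "send 'max-age=31536000; includeSubDomains' over HTTPS"))
    else:
        m = re.search(r"max-age=(\d+)", hsts, re.I)
        max_age = int(m.group(1)) if m else 0
        if max_age < ONE_YEAR:
            findings.append(("Strict-Transport-Security", "weak",
                             f"max-age={max_age} is below one year"))
        if "includesubdomains" not in hsts.lower():
            findings.append(("Strict-Transport-Security", "info",
                             "consider includeSubDomains"))

    csp = first("content-security-policy")
    if csp is None:
        findings.append(("Content-Security-Policy", "missing",
                         "start from default-src 'self' and tighten"))
    elif re.search(r"'unsafe-inline'|'unsafe-eval'", csp):
        findings.append(("Content-Security-Policy", "weak",
                         "policy allows unsafe-inline or unsafe-eval"))

    xcto = first("x-content-type-options")
    if xcto is None:
        findings.append(("X-Content-Type-Options", "missing", "set to nosniff"))
    elif xcto.lower() != "nosniff":
        findings.append(("X-Content-Type-Options", "weak", f"unexpected value {xcto}"))

    if first("x-frame-options") is None and not (csp and "frame-ancestors" in csp.lower()):
        findings.append(("X-Frame-Options", "missing",
                         "set DENY/SAMEORIGIN or use CSP frame-ancestors"))

    if first("referrer-policy") is None:
        findings.append(("Referrer-Policy", "missing",
                         "set e.g. strict-origin-when-cross-origin"))

    for name, label in (("server", "Server"), ("x-powered-by", "X-Powered-By")):
        value = first(name)
        if value and re.search(r"\d", value):   # a version number is the leak
            findings.append((label, "info", f"reveals software version: {value}"))

    for cookie in headers.get("set-cookie", []):
        attrs = {p.strip().lower().split("=")[0] for p in cookie.split(";")[1:]}
        missing = [a for a in ("secure", "httponly", "samesite") if a not in attrs]
        if missing:
            findings.append(("Set-Cookie", "weak",
                             f"{cookie.split('=')[0]} lacks {', '.join(missing)}"))
    return findings


# Constructed responses (not captured from any real server).
WEAK_RESPONSE = ("HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nX-Powered-By: PHP/7.4.3\r\n"
                 "Strict-Transport-Security: max-age=300\r\nX-Frame-Options: SAMEORIGIN\r\n"
                 "Set-Cookie: PHPSESSID=abc123; Path=/; HttpOnly\r\n"
                 "Content-Type: text/html\r\n\r\n<html></html>")
HARDENED_RESPONSE = ("HTTP/1.1 200 OK\r\n"
                     "Strict-Transport-Security: max-age=63072000; includeSubDomains; preload\r\n"
                     "Content-Security-Policy: default-src 'self'; frame-ancestors 'none'\r\n"
                     "X-Content-Type-Options: nosniff\r\n"
                     "Referrer-Policy: strict-origin-when-cross-origin\r\n"
                     "Set-Cookie: sid=abc; Path=/; Secure; HttpOnly; SameSite=Lax\r\n\r\n")

if __name__ == "__main__":
    for header, level, message in analyse_headers(parse_response_headers(WEAK_RESPONSE)):
        print(f"[{level}] {header}: {message}")
```

In a live scan the raw response would come from http.client or a similar client; note that HSTS only has meaning on HTTPS responses, so a scanner should report its absence on an HTTP-only target as a transport problem rather than a header problem.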

64

Alternative: Jackhammer

Jackhammer is a collaboration tool to bring security and developer teams together. Its focus is on vulnerability discovery through static code analysis and dynamic analysis.

The tool uses RBAC (Role Based Access Control) with different levels of access. Jackhammer uses several tools to do dynamic and static code analysis (e.g. for Java, Ruby, Python, and Node.js). It also checks for vulnerabilities in libraries. Due to its modular architecture, it can use several scanners out of the box, with options to add your own.

The Jackhammer project was initially added to GitHub on the 8th of May, 2017.

Project details

Jackhammer is written in Ruby.

Strengths

  • + The source code of this software is available

Typical usage

  • collaboration
  • information sharing

Jackhammer project page

64

Alternative: Jawfish

Jawfish is a security tool to test web applications. It can find related exploits and update according to an internal database.

Project details

Jawfish is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • penetration test
  • security assessment
  • vulnerability scanning
  • web application analysis

Jawfish project page

89

Alternative: jSQL Injection

jSQL Injection is a security tool to test web applications. It can be used to discover if an application is vulnerable to SQL injection attacks.

Project details

jSQL Injection is written in Java.

Strengths

  • + The source code of this software is available

Weaknesses

  • - Full name of author is unknown

Typical usage

  • database security

jSQL Injection project page
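The detection logic behind a SQL injection tester is short enough to show end to end. The following is an added example written for this page, not jSQL Injection's own code: a deliberately vulnerable query beside its parameterised form, a boolean-based probe of the kind such tools run first, and a UNION payload that extracts another column once injection is confirmed. It uses Python's sqlite3 module with an in-memory database and constructed rows; the table layout, function names and payload strings are this example's assumptions.

```python
import sqlite3
from typing import Callable, List

# Payloads of the kind a SQL injection tool sends (constructed for this example).
TRUE_SUFFIX = "' AND '1'='1"
FALSE_SUFFIX = "' AND '1'='2"
UNION_PAYLOAD = "' UNION SELECT password_hash FROM users --"


def make_db() -> sqlite3.Connection:
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, "
                 "username TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO users (username, password_hash) VALUES (?, ?)",
                     [("alice", "hash-a"), ("bob", "hash-b")])
    return conn


def vulnerable_find_user(conn: sqlite3.Connection, username: str) -> List[str]:
    """Deliberately vulnerable: the value is formatted into the SQL text, so a
    quote in the input ends the literal and the remainder is parsed as SQL."""
    sql = "SELECT username FROM users WHERE username = '%s'" % username
    return [row[0] for row in conn.execute(sql)]


def safe_find_user(conn: sqlite3.Connection, username: str) -> List[str]:
    """Hardened form: a bound parameter is always data, never parsed as SQL."""
    rows = conn.execute("SELECT username FROM users WHERE username = ?", (username,))
    return [row[0] for row in rows]


Lookup = Callable[[sqlite3.Connection, str], List[str]]


def boolean_probe(lookup: Lookup, conn: sqlite3.Connection, base: str = "alice") -> bool:
    """Boolean-based detection: if an always-true suffix reproduces the baseline
    result and an always-false suffix changes it, the input is interpreted as SQL."""
    baseline = lookup(conn, base)
    with_true = lookup(conn, base + TRUE_SUFFIX)
    with_false = lookup(conn, base + FALSE_SUFFIX)
    return bool(baseline) and with_true == baseline and with_false != baseline


if __name__ == "__main__":
    db = make_db()
    for name, fn in (("vulnerable", vulnerable_find_user), ("safe", safe_find_user)):
        print(f"{name}: injectable={boolean_probe(fn, db)} "
              f"union={fn(db, UNION_PAYLOAD)}")
```

The UNION payload is what turns a yes/no signal into data: against the vulnerable function it returns the password hashes, against the parameterised one it returns nothing because the whole string is compared as a username.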

64

Alternative: Spaghetti

Spaghetti is a web vulnerability scanner to find flaws in common web applications and frameworks. It can perform fingerprinting and vulnerability discovery.

Project details

Spaghetti is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • penetration test
  • vulnerability scanning
  • vulnerability testing

Spaghetti project page

64

Alternative: Susanoo

Susanoo is a security tool to test the security of a REST API. With this focus, it goes beyond the typical attack surface of a web application.

Project details

Susanoo is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • API testing
  • application testing

Susanoo project page

59

Alternative: Wapiti

Wapiti is a security tool to perform vulnerability scans on web applications. It uses fuzzing to detect known and unknown paths, among other tests.

Project details

Wapiti is written in Python.

Strengths

  • + The source code of this software is available
  • + Well-known tool

Weaknesses

  • - No updates for a while

Typical usage

  • vulnerability scanning
  • web application analysis

Wapiti project page

78

Alternative: WhatWeb

WhatWeb is a security tool written in Ruby to fingerprint web applications. It helps with detecting what software is used for a particular web application.

Project details

WhatWeb is written in Ruby.

Strengths

  • + More than 25 contributors
  • + More than 1000 GitHub stars
  • + The source code of this software is available

Weaknesses

  • - No releases on GitHub available

Typical usage

  • reconnaissance
  • web application analysis

WhatWeb project page

64

Alternative: Yasuo

Yasuo is a Ruby script that scans for vulnerable and exploitable third-party web applications.

Project details

Yasuo is written in Ruby.

Strengths

  • + The source code of this software is available

Typical usage

  • penetration test
  • vulnerability scanning
  • web application analysis

Yasuo project page